Security researchers at Stanford University have found that the vast majority of text-based anti-spam tests are easily bypassed. They cracked the CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) mechanisms of several popular web sites.

The researchers tested the query mechanisms of such sites as Google, eBay and Wikipedia. Only Google's CAPTCHA and the reCAPTCHA systems managed to withstand the attacks.

__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

One should also remember understand that by installing KeyCAPTCHA plugin a webmaster (owner) opens the backdoor for executing scripts in his visitors browsers loaded from KeyCAPTCHA.com backservers of professional spammers (with a long list of deceptive practices)
Read:

while a webmaster cannot control or even see what is being loaded to his visitors and a visitor cannot even reproduce it (they use for it various tricks like intermittent spamming, only on first couple of min of first visit, on 1st passing, geo-targeting, etc.)